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HMAC-SHA-384, and HMAC-SHA-512 
Status of This Memo 


This document specifies an Internet standards track protocol for the 
Internet community, and requests discussion and suggestions for 


improvements. Please refer to the current edition of the "Internet 
Official Protocol Standards" (STD 1) for the standardization state 
and status of this protocol. Distribution of this memo is unlimited. 


Copyright Notice 
Copyright (C) The Internet Society (2005). 
Abstract 


This document provides test vectors for the HMAC-SHA-224, 
HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 message authentication 


schemes. It also provides ASN.1 object identifiers and Uniform 
Resource Identifiers (URIs) to identify use of these schemes in 
protocols. The test vectors provided in this document may be used 


for conformance testing. 
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This document provides test vectors for the HMAC-SHA-224, 
HMAC-SHA-256, 
It also provides ASN.1 object identifiers and URIs to 
identify use of these schemes in protocols using ASN.1 constructs 
(such as those built on Secure/Multipurpose Internet Mail Extensions 


schemes. 


(S/MIME) 


[4]) 


HMAC-SHA-384, 


or protocols based on XML constructs 


leveraging XML Digital Signatures [5]). 


and HMAC-SHA-512 message authentication 


(such as those 


HMAC-SHA-224 is the realization of the HMAC message authentication 


code 


[1] using the SHA-224 hash function, 


HMAC-SHA-256 is the 


realization of the HMAC message authentication code using the SHA-256 


hash function, 


authentication code using the SHA-384 hash function, 


HMAC-SHA-384 is the realization of the HMAC message 


and HMAC-SHA-512 


is the realization of the HMAC message authentication code using the 


SHA-512 hash function. SHA-224, SHA-256, 
all described in [2]. 
2. Conventions Used in This Document 


The key word "SHOULD" 
described in RFC 2119 


Nystrom 


Standards Track 


and SHA-512 are 


in this document is to be interpreted as 
[3]. 
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3. Scheme Identifiers 


3.1. ASN.1 Object Identifiers 


The following ASN.1 object identifiers have been allocated for these 
schemes: 


rsadsi OBJECT IDENTIFIER ::= 
{iso(1) member-body(2) us(840) rsadsi (113549) } 


digestAlgorithm OBJECT IDENTIFIER {rsadsi 2} 


id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8} 
id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9} 
id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10} 
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11} 


When the "algorithm" component in a value of ASN.1 type 
AlgorithmIdentifier (see, e.g., [4], Section 10) identifies one of 
these schemes, the "parameter" component SHOULD be present but have 
type NULL. 


3.2. Algorithm URIs 
The following URIs have been allocated for these schemes: 
http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs—5#hmac-—sha-224 
http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-—5#hmac-—sha-256 
http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs—5#hmac-—sha-384 


http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs—5#hmac-—sha-512 


As usual, when used in the context of [5], the <ds:HMACOutputLength> 
element may specify the truncated length of the scheme output. 


4. Test Vectors 

4.1. Introduction 
The test vectors in this document have been cross-verified by three 
independent implementations. An implementation that concurs with the 
results provided in this document should be interoperable with other 


similar implementations. 


Keys, data, and digests are provided in hex. 
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4.2. Test Case 
Key = 


Data = 


IMAC-SHA-224 


IMAC-SHA-256 


IMAC-SHA-384 


MAC-SHA-512 


4.3. Test Case 


2 


O0Ob0b0bObObO0bObObObObO0bObO0bO0bO0bOb 
Ob0bO0b0b 
4869205468657265 


896fb1128abbdf196832107cd49dfF33f 
47b4b1169912ba4f53684b22 

b0344c61d8db38535ca8afceaf0bf12b 
881dc200c9833da726e9376c2e32cfET 
afd03944d84895626b0825f4ab46907F£ 
15f9dadbe4101lec682aa034c7cebc59c 
faea9ea9076ede7f4af152e8b2fa9cb6 
87aa7cdea5ef619d4ff0b4241lald6cb0 
2379f4e2ce4ec2787ad0b30545el7cde 
daa833b7d6b8a702038b274eaea3f4e4 
be9d914eeb61F1702e€696c203a126854 


HMAC-SHA Identifiers and Test Vectors December 2005 


(20 bytes) 
("Hi There") 


Test with a key shorter than the length of the HMAC output. 


Key = 
Data = 


A-224 


5 


5 


1A-256 


5 


1A-384 


IMAC-SHA-512 


Nystrom 


4a656665 
7768617420646£2079612077616e7420 
666f72206e6f7468696e673f 


a30e01098bc6dbbf45690f3a7e9e6d0f 
8bbea2a39e6148008fqd05e44 

5bdcc146bf60754e6a042426089575c7 
5a003f£089dqd2739839dec58b964ec3843 
af45d2e376484031617£78qd2b58a6b1b 
9c7ef464f5a01b47e42ec3736322445e 
8e2240ca5e69e2c78b3239ecfab21649 
164b7a7bfcf819e2e395fbe73b56e0a3 
87bd64222e831fd610270cd7ea250554 
9758bf75c05a994a6d034f65f8f0e6fd 
caeabla34d4a6b4b636e070a38bce737 


Standards Track 


("Jefe") 
("what do ya want ") 
("for nothing?") 
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4.4. Test Case 3 


Test with a combined length of key and data that is larger than 64 


bytes (= block-size of SHA-224 and SHA-256). 
Key aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 

aaaaaaaa (20 bytes) 
Data = dddddddddddddddddddddddddddddddd 


dddddddddddddddddddddddddddddddd 
dddddddddddddddddddddddddddddddd 
dddd (50 bytes) 


1A-224 


Tfb3cb3588c6clf6ffa9694d7d6ad264 
9365b0c1£65d69d1ec8333ea 

HMAC-SHA-256 = 773ea91e36800e46854db8ebd09181a7 
2959098b3ef8C1220d9635514ced565fe 
88062608d3e6ad8a0aa2ace014c8a86F 
Oaa635d94T7ac9febe83ef4e55966144b 
2a5ab39dc13814b94e3ab6e101a34f27 
fa73b0089d56a284efb0F0756c890be9 
blb5dbdd8ee81a3655f83e33b2279d39 
b£3e848279a722c806b485a47e67C807 
b946a337bee8 942674278859e13292fb 


5 


1A-384 


IMAC-SHA-512 


4.5. Test Case 4 


Test with a combined length of key and data that is larger than 64 


bytes (= block-size of SHA-224 and SHA-256). 

Key = 0102030405060708090a0b0cO0d0e0f10 
111213141516171819 (25 bytes) 

Data = cdcdcdcedcededcedcedcedcedcdcdcedcdcded 


cdcdcededededcededcedcedcdcdcdcdcdced 
cdcdcdedcededededcedcdcdcdcedcdcedced 
cdced (50 bytes) 


HMAC-SHA-224 = 6c11506874013cac6a2abclbb382627c 
ec6a90d86efc012de7afecSa 

82558a389a443c0ea4cc819899F2083a 
85f0faa3e578 £807 7a2e3f£46729665b 
HMAC-SHA-384 = 3e8a69b7783c25851933ab6290af6ca7 
7a9981480850009cc5577c6elf573b4e 
6801dd23c4a7d679ccf8a386cb74cffb 
HMAC-SHA-512 = b0ba465637458c6990e5a8c5f61d4af7 
e576d97££94b872de76£8050361lee3db 
a91lca5cllaa25eb4d679275cc5788063 
a5£19741120c4f2de2adebeb10a298dd 


MAC-SHA-256 
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4.6. Test Case 5 


Test with a truncation of output to 128 bits. 


Key = OcOcOcO0cO0cO0cO0c0cO0cOc0cO0cOcO0c0c0c 
OcOcO0cO0c (20 bytes) 

Data = 546573742057697468205472756e6361 ("Test With Trunca") 
74696f6e ("tion") 


HMAC-SHA-224 = Oe2aea68a90c8d37c988bcdb9fcabfa8 
HMAC-SHA-256 a3b6167473100ee06e0C796c2955552b 
HMAC-SHA-384 = 3abf34c3503b2a23a46efc619baef897 
HMAC-SHA-512 415fad6271580a531d4179bc891d87a6 


4.7. Test Case 6 


Test with a key larger than 128 bytes (= block-size of SHA-384 and 
SHA-512). 
Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 


aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 


aaaaaa (131 bytes) 

Data = 54657374205573696e67204c61726765 ("Test Using Large") 
72205468616e20426c6f636b2d53697a ("r Than Block-Siz") 
65204b6579202d2048617368204b6579 ("e Key - Hash Key") 
204669727374 (" First") 


HMAC-SHA-224 


95e9a0db962095adaebe9b2d6f0dbce2 
d499f112£2d2b7273fa6870e 

60e43159lee0b67f£0d8a26aacbf5b77£ 
8e0bc6213728c5140546040f0ee37£F54 
4ece084485813e9088d2c63a041bc5b4 
4f9ef1012a2b588f3cd11£05033ac4c6 
Oc2ef6ab4030feE8296248df163f44952 
HMAC-SHA-512 = 80b24263c7cla3ebb71493cldd7be8b4 
9b46d1£41b4aeec1121b013783f8 F352 
6b56d037e05f2598bd0fd2215d6ale52 
95e64£73£63f0aec8b915a985d786598 


1A-256 


IMAC-SHA-384 
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4.8. Test Case 


Test with a key and data that is larger than 128 bytes 


7 
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of SHA-384 and SHA-512). 


Key = 


Data = 


HMAC-SHA-224 


: 


1A-256 


HMAC-SHA-384 


HMAC-SHA-512 


aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
aaaaaa 
54686973206973206120746573742075 
736962672061206C6172676572207468 
616e20626c6£636b2d73697a65206b65 
7920616e642061206c61726765722074 
68616e20626c6f636b2d73697a652064 
61746126e20546865206b6579206e6565 
647320746£2062652068617368656420 
6265666£7265206265696e6720757365 
642062792074686520484d414320616c 
676£726974686d2e 


3a854166ac5d9f023f54d517d0b39dbd 
946770db9c2b95c9F6F565d1 

9b09Ffa71b942Ffcb27635fbcd5b0e944 
bfdc63644f0713938a7£51535c3a35e2 
6617178e941f020d351e2f254e8Ffd32c 
602420feb0b8 fb9¥9adccebb82461e99c5 
a678cc31e799176d3860e6110c46523e 
e37b6a775dc87dbaa4dfa9f96e5e3ffd 
debd71£8867289865df5a32d20cdc944 
b6022cac3c4982b10d5eeb55c3e4del15 
134676fb6de0446065c97440fa8cb6a58 


5. Security Considerations 


December 2005 


(= block-size 


(131 bytes) 

("This is a test u") 
("sing a larger th") 
("an block-size ke") 
("y and a larger t") 
("han block-size d") 
( ) 
( ) 
( ) 
( ) 
( 


T i 
T Li 


"ata. The key nee" 
"ds to be hashed " 
"before being use" 
"d by the HMAC al" 
"gorithm. ") 


This document is intended to provide the identifications and test 
vectors for the four identified message authentication code schemes 


to the Internet community. 


No assertion of the security of these 


message authentication code schemes for any particular use is 


intended. 


The reader is referred to 


[1] 


general security of the HMAC construction. 


Nystrom 


Standards Track 


for a discussion of the 
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